npm - @versini/auth-provider - Versions diffs - 8.0.3 → 8.0.5 - Mend

@versini/auth-provider 8.0.3 → 8.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index-DxGUVOpC.js DELETED Viewed

@@ -1,985 +0,0 @@
-var ee = Object.defineProperty, te = (e, t, r) => t in e ? ee(e, t, { enumerable: !0, configurable: !0, writable: !0, value: r }) : e[t] = r, c = (e, t, r) => te(e, typeof t != "symbol" ? t + "" : t, r);
-/*!
-  @versini/auth-common v4.4.0
-  © 2025 gizmette.com
-*/
-try {
-  window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
-    version: "4.4.0",
-    buildTime: "06/02/2025 05:45 PM EDT",
-    homepage: "https://github.com/aversini/auth-client",
-    license: "MIT"
-  });
-} catch {
-}
-const qe = {
-  ID_TOKEN: "id_token",
-  ACCESS_TOKEN: "token",
-  ID_AND_ACCESS_TOKEN: "id_token token",
-  CODE: "code",
-  REFRESH_TOKEN: "refresh_token",
-  PASSKEY: "passkey",
-  AUTH0: "auth0"
-}, ze = {
-  CLIENT_ID: "X-Auth-ClientId",
-  AUTH_TYPE: "X-Auth-Type"
-}, I = {
-  ALG: "RS256",
-  USER_ID_KEY: "sub",
-  USERNAME_KEY: "username",
-  EMAIL_KEY: "email",
-  TOKEN_ID_KEY: "__raw",
-  NONCE_KEY: "_nonce",
-  AUTH_TYPE_KEY: "auth_type",
-  EXPIRES_AT_KEY: "exp",
-  CREATED_AT_KEY: "iat",
-  SCOPES_KEY: "scopes",
-  CLIENT_ID_KEY: "aud",
-  ISSUER: "gizmette.com"
-}, re = `-----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
-w5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5
-i1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle
-aMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+
-l0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE
-sjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81
-awIDAQAB
------END PUBLIC KEY-----`, Qe = {
-  CODE: "code",
-  LOGOUT: "logout",
-  LOGIN: "login",
-  REFRESH: "refresh"
-}, _ = new TextEncoder(), C = new TextDecoder();
-function ae(...e) {
-  const t = e.reduce((n, { length: o }) => n + o, 0), r = new Uint8Array(t);
-  let a = 0;
-  for (const n of e)
-    r.set(n, a), a += n.length;
-  return r;
-}
-function ne(e) {
-  if (Uint8Array.fromBase64)
-    return Uint8Array.fromBase64(e);
-  const t = atob(e), r = new Uint8Array(t.length);
-  for (let a = 0; a < t.length; a++)
-    r[a] = t.charCodeAt(a);
-  return r;
-}
-function P(e) {
-  if (Uint8Array.fromBase64)
-    return Uint8Array.fromBase64(typeof e == "string" ? e : C.decode(e), {
-      alphabet: "base64url"
-    });
-  let t = e;
-  t instanceof Uint8Array && (t = C.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
-  try {
-    return ne(t);
-  } catch {
-    throw new TypeError("The input to be decoded is not correctly encoded.");
-  }
-}
-class A extends Error {
-  constructor(t, r) {
-    var a;
-    super(t, r), c(this, "code", "ERR_JOSE_GENERIC"), this.name = this.constructor.name, (a = Error.captureStackTrace) == null || a.call(Error, this, this.constructor);
-  }
-}
-c(A, "code", "ERR_JOSE_GENERIC");
-class p extends A {
-  constructor(t, r, a = "unspecified", n = "unspecified") {
-    super(t, { cause: { claim: a, reason: n, payload: r } }), c(this, "code", "ERR_JWT_CLAIM_VALIDATION_FAILED"), c(this, "claim"), c(this, "reason"), c(this, "payload"), this.claim = a, this.reason = n, this.payload = r;
-  }
-}
-c(p, "code", "ERR_JWT_CLAIM_VALIDATION_FAILED");
-class D extends A {
-  constructor(t, r, a = "unspecified", n = "unspecified") {
-    super(t, { cause: { claim: a, reason: n, payload: r } }), c(this, "code", "ERR_JWT_EXPIRED"), c(this, "claim"), c(this, "reason"), c(this, "payload"), this.claim = a, this.reason = n, this.payload = r;
-  }
-}
-c(D, "code", "ERR_JWT_EXPIRED");
-class Y extends A {
-  constructor() {
-    super(...arguments), c(this, "code", "ERR_JOSE_ALG_NOT_ALLOWED");
-  }
-}
-c(Y, "code", "ERR_JOSE_ALG_NOT_ALLOWED");
-class E extends A {
-  constructor() {
-    super(...arguments), c(this, "code", "ERR_JOSE_NOT_SUPPORTED");
-  }
-}
-c(E, "code", "ERR_JOSE_NOT_SUPPORTED");
-class l extends A {
-  constructor() {
-    super(...arguments), c(this, "code", "ERR_JWS_INVALID");
-  }
-}
-c(l, "code", "ERR_JWS_INVALID");
-class f extends A {
-  constructor() {
-    super(...arguments), c(this, "code", "ERR_JWT_INVALID");
-  }
-}
-c(f, "code", "ERR_JWT_INVALID");
-class F extends A {
-  constructor(t = "signature verification failed", r) {
-    super(t, r), c(this, "code", "ERR_JWS_SIGNATURE_VERIFICATION_FAILED");
-  }
-}
-c(F, "code", "ERR_JWS_SIGNATURE_VERIFICATION_FAILED");
-function w(e, t = "algorithm.name") {
-  return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`);
-}
-function k(e, t) {
-  return e.name === t;
-}
-function H(e) {
-  return parseInt(e.name.slice(4), 10);
-}
-function oe(e) {
-  switch (e) {
-    case "ES256":
-      return "P-256";
-    case "ES384":
-      return "P-384";
-    case "ES512":
-      return "P-521";
-    default:
-      throw new Error("unreachable");
-  }
-}
-function se(e, t) {
-  if (!e.usages.includes(t))
-    throw new TypeError(`CryptoKey does not support this operation, its usages must include ${t}.`);
-}
-function ie(e, t, r) {
-  switch (t) {
-    case "HS256":
-    case "HS384":
-    case "HS512": {
-      if (!k(e.algorithm, "HMAC"))
-        throw w("HMAC");
-      const a = parseInt(t.slice(2), 10);
-      if (H(e.algorithm.hash) !== a)
-        throw w(`SHA-${a}`, "algorithm.hash");
-      break;
-    }
-    case "RS256":
-    case "RS384":
-    case "RS512": {
-      if (!k(e.algorithm, "RSASSA-PKCS1-v1_5"))
-        throw w("RSASSA-PKCS1-v1_5");
-      const a = parseInt(t.slice(2), 10);
-      if (H(e.algorithm.hash) !== a)
-        throw w(`SHA-${a}`, "algorithm.hash");
-      break;
-    }
-    case "PS256":
-    case "PS384":
-    case "PS512": {
-      if (!k(e.algorithm, "RSA-PSS"))
-        throw w("RSA-PSS");
-      const a = parseInt(t.slice(2), 10);
-      if (H(e.algorithm.hash) !== a)
-        throw w(`SHA-${a}`, "algorithm.hash");
-      break;
-    }
-    case "Ed25519":
-    case "EdDSA": {
-      if (!k(e.algorithm, "Ed25519"))
-        throw w("Ed25519");
-      break;
-    }
-    case "ES256":
-    case "ES384":
-    case "ES512": {
-      if (!k(e.algorithm, "ECDSA"))
-        throw w("ECDSA");
-      const a = oe(t);
-      if (e.algorithm.namedCurve !== a)
-        throw w(a, "algorithm.namedCurve");
-      break;
-    }
-    default:
-      throw new TypeError("CryptoKey does not support this operation");
-  }
-  se(e, r);
-}
-function G(e, t, ...r) {
-  var a;
-  if (r = r.filter(Boolean), r.length > 2) {
-    const n = r.pop();
-    e += `one of type ${r.join(", ")}, or ${n}.`;
-  } else r.length === 2 ? e += `one of type ${r[0]} or ${r[1]}.` : e += `of type ${r[0]}.`;
-  return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t != null && (a = t.constructor) != null && a.name && (e += ` Received an instance of ${t.constructor.name}`), e;
-}
-const ce = (e, ...t) => G("Key must be ", e, ...t);
-function V(e, t, ...r) {
-  return G(`Key for the ${e} algorithm must be `, t, ...r);
-}
-function q(e) {
-  return e?.[Symbol.toStringTag] === "CryptoKey";
-}
-function z(e) {
-  return e?.[Symbol.toStringTag] === "KeyObject";
-}
-const Q = (e) => q(e) || z(e), le = (...e) => {
-  const t = e.filter(Boolean);
-  if (t.length === 0 || t.length === 1)
-    return !0;
-  let r;
-  for (const a of t) {
-    const n = Object.keys(a);
-    if (!r || r.size === 0) {
-      r = new Set(n);
-      continue;
-    }
-    for (const o of n) {
-      if (r.has(o))
-        return !1;
-      r.add(o);
-    }
-  }
-  return !0;
-};
-function de(e) {
-  return typeof e == "object" && e !== null;
-}
-const T = (e) => {
-  if (!de(e) || Object.prototype.toString.call(e) !== "[object Object]")
-    return !1;
-  if (Object.getPrototypeOf(e) === null)
-    return !0;
-  let t = e;
-  for (; Object.getPrototypeOf(t) !== null; )
-    t = Object.getPrototypeOf(t);
-  return Object.getPrototypeOf(e) === t;
-}, ue = (e, t) => {
-  if (e.startsWith("RS") || e.startsWith("PS")) {
-    const { modulusLength: r } = t.algorithm;
-    if (typeof r != "number" || r < 2048)
-      throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`);
-  }
-}, K = (e, t, r = 0) => {
-  r === 0 && (t.unshift(t.length), t.unshift(6));
-  const a = e.indexOf(t[0], r);
-  if (a === -1)
-    return !1;
-  const n = e.subarray(a, a + t.length);
-  return n.length !== t.length ? !1 : n.every((o, s) => o === t[s]) || K(e, t, a + 1);
-}, ye = (e) => {
-  switch (!0) {
-    case K(e, [42, 134, 72, 206, 61, 3, 1, 7]):
-      return "P-256";
-    case K(e, [43, 129, 4, 0, 34]):
-      return "P-384";
-    case K(e, [43, 129, 4, 0, 35]):
-      return "P-521";
-    default:
-      return;
-  }
-}, pe = async (e, t, r, a, n) => {
-  let o, s;
-  const i = new Uint8Array(atob(r.replace(e, "")).split("").map((d) => d.charCodeAt(0)));
-  switch (a) {
-    case "PS256":
-    case "PS384":
-    case "PS512":
-      o = { name: "RSA-PSS", hash: `SHA-${a.slice(-3)}` }, s = ["verify"];
-      break;
-    case "RS256":
-    case "RS384":
-    case "RS512":
-      o = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${a.slice(-3)}` }, s = ["verify"];
-      break;
-    case "RSA-OAEP":
-    case "RSA-OAEP-256":
-    case "RSA-OAEP-384":
-    case "RSA-OAEP-512":
-      o = {
-        name: "RSA-OAEP",
-        hash: `SHA-${parseInt(a.slice(-3), 10) || 1}`
-      }, s = ["encrypt", "wrapKey"];
-      break;
-    case "ES256":
-      o = { name: "ECDSA", namedCurve: "P-256" }, s = ["verify"];
-      break;
-    case "ES384":
-      o = { name: "ECDSA", namedCurve: "P-384" }, s = ["verify"];
-      break;
-    case "ES512":
-      o = { name: "ECDSA", namedCurve: "P-521" }, s = ["verify"];
-      break;
-    case "ECDH-ES":
-    case "ECDH-ES+A128KW":
-    case "ECDH-ES+A192KW":
-    case "ECDH-ES+A256KW": {
-      const d = ye(i);
-      o = d != null && d.startsWith("P-") ? { name: "ECDH", namedCurve: d } : { name: "X25519" }, s = [];
-      break;
-    }
-    case "Ed25519":
-    case "EdDSA":
-      o = { name: "Ed25519" }, s = ["verify"];
-      break;
-    default:
-      throw new E('Invalid or unsupported "alg" (Algorithm) value');
-  }
-  return crypto.subtle.importKey(t, i, o, !0, s);
-}, he = (e, t, r) => pe(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
-function fe(e) {
-  let t, r;
-  switch (e.kty) {
-    case "RSA": {
-      switch (e.alg) {
-        case "PS256":
-        case "PS384":
-        case "PS512":
-          t = { name: "RSA-PSS", hash: `SHA-${e.alg.slice(-3)}` }, r = e.d ? ["sign"] : ["verify"];
-          break;
-        case "RS256":
-        case "RS384":
-        case "RS512":
-          t = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${e.alg.slice(-3)}` }, r = e.d ? ["sign"] : ["verify"];
-          break;
-        case "RSA-OAEP":
-        case "RSA-OAEP-256":
-        case "RSA-OAEP-384":
-        case "RSA-OAEP-512":
-          t = {
-            name: "RSA-OAEP",
-            hash: `SHA-${parseInt(e.alg.slice(-3), 10) || 1}`
-          }, r = e.d ? ["decrypt", "unwrapKey"] : ["encrypt", "wrapKey"];
-          break;
-        default:
-          throw new E('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
-      }
-      break;
-    }
-    case "EC": {
-      switch (e.alg) {
-        case "ES256":
-          t = { name: "ECDSA", namedCurve: "P-256" }, r = e.d ? ["sign"] : ["verify"];
-          break;
-        case "ES384":
-          t = { name: "ECDSA", namedCurve: "P-384" }, r = e.d ? ["sign"] : ["verify"];
-          break;
-        case "ES512":
-          t = { name: "ECDSA", namedCurve: "P-521" }, r = e.d ? ["sign"] : ["verify"];
-          break;
-        case "ECDH-ES":
-        case "ECDH-ES+A128KW":
-        case "ECDH-ES+A192KW":
-        case "ECDH-ES+A256KW":
-          t = { name: "ECDH", namedCurve: e.crv }, r = e.d ? ["deriveBits"] : [];
-          break;
-        default:
-          throw new E('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
-      }
-      break;
-    }
-    case "OKP": {
-      switch (e.alg) {
-        case "Ed25519":
-        case "EdDSA":
-          t = { name: "Ed25519" }, r = e.d ? ["sign"] : ["verify"];
-          break;
-        case "ECDH-ES":
-        case "ECDH-ES+A128KW":
-        case "ECDH-ES+A192KW":
-        case "ECDH-ES+A256KW":
-          t = { name: e.crv }, r = e.d ? ["deriveBits"] : [];
-          break;
-        default:
-          throw new E('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
-      }
-      break;
-    }
-    default:
-      throw new E('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
-  }
-  return { algorithm: t, keyUsages: r };
-}
-const me = async (e) => {
-  if (!e.alg)
-    throw new TypeError('"alg" argument is required when "jwk.alg" is not present');
-  const { algorithm: t, keyUsages: r } = fe(e), a = { ...e };
-  return delete a.alg, delete a.use, crypto.subtle.importKey("jwk", a, t, e.ext ?? !e.d, e.key_ops ?? r);
-};
-async function we(e, t, r) {
-  if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
-    throw new TypeError('"spki" must be SPKI formatted string');
-  return he(e, t);
-}
-const Se = (e, t, r, a, n) => {
-  if (n.crit !== void 0 && a?.crit === void 0)
-    throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
-  if (!a || a.crit === void 0)
-    return /* @__PURE__ */ new Set();
-  if (!Array.isArray(a.crit) || a.crit.length === 0 || a.crit.some((s) => typeof s != "string" || s.length === 0))
-    throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');
-  let o;
-  r !== void 0 ? o = new Map([...Object.entries(r), ...t.entries()]) : o = t;
-  for (const s of a.crit) {
-    if (!o.has(s))
-      throw new E(`Extension Header Parameter "${s}" is not recognized`);
-    if (n[s] === void 0)
-      throw new e(`Extension Header Parameter "${s}" is missing`);
-    if (o.get(s) && a[s] === void 0)
-      throw new e(`Extension Header Parameter "${s}" MUST be integrity protected`);
-  }
-  return new Set(a.crit);
-}, Ee = (e, t) => {
-  if (t !== void 0 && (!Array.isArray(t) || t.some((r) => typeof r != "string")))
-    throw new TypeError(`"${e}" option must be an array of strings`);
-  if (t)
-    return new Set(t);
-};
-function U(e) {
-  return T(e) && typeof e.kty == "string";
-}
-function ge(e) {
-  return e.kty !== "oct" && typeof e.d == "string";
-}
-function Ae(e) {
-  return e.kty !== "oct" && typeof e.d > "u";
-}
-function be(e) {
-  return e.kty === "oct" && typeof e.k == "string";
-}
-let g;
-const $ = async (e, t, r, a = !1) => {
-  g || (g = /* @__PURE__ */ new WeakMap());
-  let n = g.get(e);
-  if (n != null && n[r])
-    return n[r];
-  const o = await me({ ...t, alg: r });
-  return a && Object.freeze(e), n ? n[r] = o : g.set(e, { [r]: o }), o;
-}, ve = (e, t) => {
-  var r;
-  g || (g = /* @__PURE__ */ new WeakMap());
-  let a = g.get(e);
-  if (a != null && a[t])
-    return a[t];
-  const n = e.type === "public", o = !!n;
-  let s;
-  if (e.asymmetricKeyType === "x25519") {
-    switch (t) {
-      case "ECDH-ES":
-      case "ECDH-ES+A128KW":
-      case "ECDH-ES+A192KW":
-      case "ECDH-ES+A256KW":
-        break;
-      default:
-        throw new TypeError("given KeyObject instance cannot be used for this algorithm");
-    }
-    s = e.toCryptoKey(e.asymmetricKeyType, o, n ? [] : ["deriveBits"]);
-  }
-  if (e.asymmetricKeyType === "ed25519") {
-    if (t !== "EdDSA" && t !== "Ed25519")
-      throw new TypeError("given KeyObject instance cannot be used for this algorithm");
-    s = e.toCryptoKey(e.asymmetricKeyType, o, [
-      n ? "verify" : "sign"
-    ]);
-  }
-  if (e.asymmetricKeyType === "rsa") {
-    let i;
-    switch (t) {
-      case "RSA-OAEP":
-        i = "SHA-1";
-        break;
-      case "RS256":
-      case "PS256":
-      case "RSA-OAEP-256":
-        i = "SHA-256";
-        break;
-      case "RS384":
-      case "PS384":
-      case "RSA-OAEP-384":
-        i = "SHA-384";
-        break;
-      case "RS512":
-      case "PS512":
-      case "RSA-OAEP-512":
-        i = "SHA-512";
-        break;
-      default:
-        throw new TypeError("given KeyObject instance cannot be used for this algorithm");
-    }
-    if (t.startsWith("RSA-OAEP"))
-      return e.toCryptoKey({
-        name: "RSA-OAEP",
-        hash: i
-      }, o, n ? ["encrypt"] : ["decrypt"]);
-    s = e.toCryptoKey({
-      name: t.startsWith("PS") ? "RSA-PSS" : "RSASSA-PKCS1-v1_5",
-      hash: i
-    }, o, [n ? "verify" : "sign"]);
-  }
-  if (e.asymmetricKeyType === "ec") {
-    const i = (/* @__PURE__ */ new Map([
-      ["prime256v1", "P-256"],
-      ["secp384r1", "P-384"],
-      ["secp521r1", "P-521"]
-    ])).get((r = e.asymmetricKeyDetails) == null ? void 0 : r.namedCurve);
-    if (!i)
-      throw new TypeError("given KeyObject instance cannot be used for this algorithm");
-    t === "ES256" && i === "P-256" && (s = e.toCryptoKey({
-      name: "ECDSA",
-      namedCurve: i
-    }, o, [n ? "verify" : "sign"])), t === "ES384" && i === "P-384" && (s = e.toCryptoKey({
-      name: "ECDSA",
-      namedCurve: i
-    }, o, [n ? "verify" : "sign"])), t === "ES512" && i === "P-521" && (s = e.toCryptoKey({
-      name: "ECDSA",
-      namedCurve: i
-    }, o, [n ? "verify" : "sign"])), t.startsWith("ECDH-ES") && (s = e.toCryptoKey({
-      name: "ECDH",
-      namedCurve: i
-    }, o, n ? [] : ["deriveBits"]));
-  }
-  if (!s)
-    throw new TypeError("given KeyObject instance cannot be used for this algorithm");
-  return a ? a[t] = s : g.set(e, { [t]: s }), s;
-}, Ce = async (e, t) => {
-  if (e instanceof Uint8Array || q(e))
-    return e;
-  if (z(e)) {
-    if (e.type === "secret")
-      return e.export();
-    if ("toCryptoKey" in e && typeof e.toCryptoKey == "function")
-      try {
-        return ve(e, t);
-      } catch (a) {
-        if (a instanceof TypeError)
-          throw a;
-      }
-    let r = e.export({ format: "jwk" });
-    return $(e, r, t);
-  }
-  if (U(e))
-    return e.k ? P(e.k) : $(e, e, t, !0);
-  throw new Error("unreachable");
-}, v = (e) => e?.[Symbol.toStringTag], J = (e, t, r) => {
-  var a, n;
-  if (t.use !== void 0) {
-    let o;
-    switch (r) {
-      case "sign":
-      case "verify":
-        o = "sig";
-        break;
-      case "encrypt":
-      case "decrypt":
-        o = "enc";
-        break;
-    }
-    if (t.use !== o)
-      throw new TypeError(`Invalid key for this operation, its "use" must be "${o}" when present`);
-  }
-  if (t.alg !== void 0 && t.alg !== e)
-    throw new TypeError(`Invalid key for this operation, its "alg" must be "${e}" when present`);
-  if (Array.isArray(t.key_ops)) {
-    let o;
-    switch (!0) {
-      case r === "verify":
-      case e === "dir":
-      case e.includes("CBC-HS"):
-        o = r;
-        break;
-      case e.startsWith("PBES2"):
-        o = "deriveBits";
-        break;
-      case /^A\d{3}(?:GCM)?(?:KW)?$/.test(e):
-        !e.includes("GCM") && e.endsWith("KW") ? o = "unwrapKey" : o = r;
-        break;
-      case r === "encrypt":
-        o = "wrapKey";
-        break;
-      case r === "decrypt":
-        o = e.startsWith("RSA") ? "unwrapKey" : "deriveBits";
-        break;
-    }
-    if (o && ((n = (a = t.key_ops) == null ? void 0 : a.includes) == null ? void 0 : n.call(a, o)) === !1)
-      throw new TypeError(`Invalid key for this operation, its "key_ops" must include "${o}" when present`);
-  }
-  return !0;
-}, ke = (e, t, r) => {
-  if (!(t instanceof Uint8Array)) {
-    if (U(t)) {
-      if (be(t) && J(e, t, r))
-        return;
-      throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present');
-    }
-    if (!Q(t))
-      throw new TypeError(V(e, t, "CryptoKey", "KeyObject", "JSON Web Key", "Uint8Array"));
-    if (t.type !== "secret")
-      throw new TypeError(`${v(t)} instances for symmetric algorithms must be of type "secret"`);
-  }
-}, Pe = (e, t, r) => {
-  if (U(t))
-    switch (r) {
-      case "decrypt":
-      case "sign":
-        if (ge(t) && J(e, t, r))
-          return;
-        throw new TypeError("JSON Web Key for this operation be a private JWK");
-      case "encrypt":
-      case "verify":
-        if (Ae(t) && J(e, t, r))
-          return;
-        throw new TypeError("JSON Web Key for this operation be a public JWK");
-    }
-  if (!Q(t))
-    throw new TypeError(V(e, t, "CryptoKey", "KeyObject", "JSON Web Key"));
-  if (t.type === "secret")
-    throw new TypeError(`${v(t)} instances for asymmetric algorithms must not be of type "secret"`);
-  if (t.type === "public")
-    switch (r) {
-      case "sign":
-        throw new TypeError(`${v(t)} instances for asymmetric algorithm signing must be of type "private"`);
-      case "decrypt":
-        throw new TypeError(`${v(t)} instances for asymmetric algorithm decryption must be of type "private"`);
-    }
-  if (t.type === "private")
-    switch (r) {
-      case "verify":
-        throw new TypeError(`${v(t)} instances for asymmetric algorithm verifying must be of type "public"`);
-      case "encrypt":
-        throw new TypeError(`${v(t)} instances for asymmetric algorithm encryption must be of type "public"`);
-    }
-}, Te = (e, t, r) => {
-  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A(?:128|192|256)(?:GCM)?(?:KW)?$/.test(e) || /^A(?:128|192|256)CBC-HS(?:256|384|512)$/.test(e) ? ke(e, t, r) : Pe(e, t, r);
-}, Re = (e, t) => {
-  const r = `SHA-${e.slice(-3)}`;
-  switch (e) {
-    case "HS256":
-    case "HS384":
-    case "HS512":
-      return { hash: r, name: "HMAC" };
-    case "PS256":
-    case "PS384":
-    case "PS512":
-      return { hash: r, name: "RSA-PSS", saltLength: parseInt(e.slice(-3), 10) >> 3 };
-    case "RS256":
-    case "RS384":
-    case "RS512":
-      return { hash: r, name: "RSASSA-PKCS1-v1_5" };
-    case "ES256":
-    case "ES384":
-    case "ES512":
-      return { hash: r, name: "ECDSA", namedCurve: t.namedCurve };
-    case "Ed25519":
-    case "EdDSA":
-      return { name: "Ed25519" };
-    default:
-      throw new E(`alg ${e} is not supported either by JOSE or your javascript runtime`);
-  }
-}, _e = async (e, t, r) => {
-  if (t instanceof Uint8Array) {
-    if (!e.startsWith("HS"))
-      throw new TypeError(ce(t, "CryptoKey", "KeyObject", "JSON Web Key"));
-    return crypto.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [r]);
-  }
-  return ie(t, e, r), t;
-}, Ke = async (e, t, r, a) => {
-  const n = await _e(e, t, "verify");
-  ue(e, n);
-  const o = Re(e, n.algorithm);
-  try {
-    return await crypto.subtle.verify(o, n, r, a);
-  } catch {
-    return !1;
-  }
-};
-async function Ie(e, t, r) {
-  if (!T(e))
-    throw new l("Flattened JWS must be an object");
-  if (e.protected === void 0 && e.header === void 0)
-    throw new l('Flattened JWS must have either of the "protected" or "header" members');
-  if (e.protected !== void 0 && typeof e.protected != "string")
-    throw new l("JWS Protected Header incorrect type");
-  if (e.payload === void 0)
-    throw new l("JWS Payload missing");
-  if (typeof e.signature != "string")
-    throw new l("JWS Signature missing or incorrect type");
-  if (e.header !== void 0 && !T(e.header))
-    throw new l("JWS Unprotected Header incorrect type");
-  let a = {};
-  if (e.protected)
-    try {
-      const O = P(e.protected);
-      a = JSON.parse(C.decode(O));
-    } catch {
-      throw new l("JWS Protected Header is invalid");
-    }
-  if (!le(a, e.header))
-    throw new l("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
-  const n = {
-    ...a,
-    ...e.header
-  }, o = Se(l, /* @__PURE__ */ new Map([["b64", !0]]), r?.crit, a, n);
-  let s = !0;
-  if (o.has("b64") && (s = a.b64, typeof s != "boolean"))
-    throw new l('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
-  const { alg: i } = n;
-  if (typeof i != "string" || !i)
-    throw new l('JWS "alg" (Algorithm) Header Parameter missing or invalid');
-  const d = r && Ee("algorithms", r.algorithms);
-  if (d && !d.has(i))
-    throw new Y('"alg" (Algorithm) Header Parameter value not allowed');
-  if (s) {
-    if (typeof e.payload != "string")
-      throw new l("JWS Payload must be a string");
-  } else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
-    throw new l("JWS Payload must be a string or an Uint8Array instance");
-  let m = !1;
-  typeof t == "function" && (t = await t(a, e), m = !0), Te(i, t, "verify");
-  const b = ae(_.encode(e.protected ?? ""), _.encode("."), typeof e.payload == "string" ? _.encode(e.payload) : e.payload);
-  let h;
-  try {
-    h = P(e.signature);
-  } catch {
-    throw new l("Failed to base64url decode the signature");
-  }
-  const R = await Ce(t, i);
-  if (!await Ke(i, R, h, b))
-    throw new F();
-  let S;
-  if (s)
-    try {
-      S = P(e.payload);
-    } catch {
-      throw new l("Failed to base64url decode the payload");
-    }
-  else typeof e.payload == "string" ? S = _.encode(e.payload) : S = e.payload;
-  const y = { payload: S };
-  return e.protected !== void 0 && (y.protectedHeader = a), e.header !== void 0 && (y.unprotectedHeader = e.header), m ? { ...y, key: R } : y;
-}
-async function Oe(e, t, r) {
-  if (e instanceof Uint8Array && (e = C.decode(e)), typeof e != "string")
-    throw new l("Compact JWS must be a string or Uint8Array");
-  const { 0: a, 1: n, 2: o, length: s } = e.split(".");
-  if (s !== 3)
-    throw new l("Invalid Compact JWS");
-  const i = await Ie({ payload: n, protected: a, signature: o }, t, r), d = { payload: i.payload, protectedHeader: i.protectedHeader };
-  return typeof t == "function" ? { ...d, key: i.key } : d;
-}
-const He = (e) => Math.floor(e.getTime() / 1e3), X = 60, Z = X * 60, N = Z * 24, We = N * 7, De = N * 365.25, Je = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, j = (e) => {
-  const t = Je.exec(e);
-  if (!t || t[4] && t[1])
-    throw new TypeError("Invalid time period format");
-  const r = parseFloat(t[2]), a = t[3].toLowerCase();
-  let n;
-  switch (a) {
-    case "sec":
-    case "secs":
-    case "second":
-    case "seconds":
-    case "s":
-      n = Math.round(r);
-      break;
-    case "minute":
-    case "minutes":
-    case "min":
-    case "mins":
-    case "m":
-      n = Math.round(r * X);
-      break;
-    case "hour":
-    case "hours":
-    case "hr":
-    case "hrs":
-    case "h":
-      n = Math.round(r * Z);
-      break;
-    case "day":
-    case "days":
-    case "d":
-      n = Math.round(r * N);
-      break;
-    case "week":
-    case "weeks":
-    case "w":
-      n = Math.round(r * We);
-      break;
-    default:
-      n = Math.round(r * De);
-      break;
-  }
-  return t[1] === "-" || t[4] === "ago" ? -n : n;
-}, L = (e) => e.toLowerCase().replace(/^application\//, ""), Ue = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1;
-function Ne(e, t, r = {}) {
-  let a;
-  try {
-    a = JSON.parse(C.decode(t));
-  } catch {
-  }
-  if (!T(a))
-    throw new f("JWT Claims Set must be a top-level JSON object");
-  const { typ: n } = r;
-  if (n && (typeof e.typ != "string" || L(e.typ) !== L(n)))
-    throw new p('unexpected "typ" JWT header value', a, "typ", "check_failed");
-  const { requiredClaims: o = [], issuer: s, subject: i, audience: d, maxTokenAge: m } = r, b = [...o];
-  m !== void 0 && b.push("iat"), d !== void 0 && b.push("aud"), i !== void 0 && b.push("sub"), s !== void 0 && b.push("iss");
-  for (const y of new Set(b.reverse()))
-    if (!(y in a))
-      throw new p(`missing required "${y}" claim`, a, y, "missing");
-  if (s && !(Array.isArray(s) ? s : [s]).includes(a.iss))
-    throw new p('unexpected "iss" claim value', a, "iss", "check_failed");
-  if (i && a.sub !== i)
-    throw new p('unexpected "sub" claim value', a, "sub", "check_failed");
-  if (d && !Ue(a.aud, typeof d == "string" ? [d] : d))
-    throw new p('unexpected "aud" claim value', a, "aud", "check_failed");
-  let h;
-  switch (typeof r.clockTolerance) {
-    case "string":
-      h = j(r.clockTolerance);
-      break;
-    case "number":
-      h = r.clockTolerance;
-      break;
-    case "undefined":
-      h = 0;
-      break;
-    default:
-      throw new TypeError("Invalid clockTolerance option type");
-  }
-  const { currentDate: R } = r, S = He(R || /* @__PURE__ */ new Date());
-  if ((a.iat !== void 0 || m) && typeof a.iat != "number")
-    throw new p('"iat" claim must be a number', a, "iat", "invalid");
-  if (a.nbf !== void 0) {
-    if (typeof a.nbf != "number")
-      throw new p('"nbf" claim must be a number', a, "nbf", "invalid");
-    if (a.nbf > S + h)
-      throw new p('"nbf" claim timestamp check failed', a, "nbf", "check_failed");
-  }
-  if (a.exp !== void 0) {
-    if (typeof a.exp != "number")
-      throw new p('"exp" claim must be a number', a, "exp", "invalid");
-    if (a.exp <= S - h)
-      throw new D('"exp" claim timestamp check failed', a, "exp", "check_failed");
-  }
-  if (m) {
-    const y = S - a.iat, O = typeof m == "number" ? m : j(m);
-    if (y - h > O)
-      throw new D('"iat" claim timestamp check failed (too far in the past)', a, "iat", "check_failed");
-    if (y < 0 - h)
-      throw new p('"iat" claim timestamp check failed (it should be in the past)', a, "iat", "check_failed");
-  }
-  return a;
-}
-async function $e(e, t, r) {
-  var a;
-  const n = await Oe(e, t, r);
-  if ((a = n.protectedHeader.crit) != null && a.includes("b64") && n.protectedHeader.b64 === !1)
-    throw new f("JWTs MUST NOT use unencoded payload");
-  const o = { payload: Ne(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
-  return typeof t == "function" ? { ...o, key: n.key } : o;
-}
-function je(e) {
-  if (typeof e != "string")
-    throw new f("JWTs must use Compact JWS serialization, JWT must be a string");
-  const { 1: t, length: r } = e.split(".");
-  if (r === 5)
-    throw new f("Only JWTs using Compact JWS serialization can be decoded");
-  if (r !== 3)
-    throw new f("Invalid JWT");
-  if (!t)
-    throw new f("JWTs must contain a payload");
-  let a;
-  try {
-    a = P(t);
-  } catch {
-    throw new f("Failed to base64url decode the payload");
-  }
-  let n;
-  try {
-    n = JSON.parse(C.decode(a));
-  } catch {
-    throw new f("Failed to parse the decoded payload as JSON");
-  }
-  if (!T(n))
-    throw new f("Invalid JWT Claims Set");
-  return n;
-}
-const Le = async (e) => {
-  try {
-    const t = I.ALG, r = await we(re, t);
-    return await $e(e, r, {
-      issuer: I.ISSUER
-    });
-  } catch {
-    return;
-  }
-}, Xe = (e) => {
-  try {
-    return je(e);
-  } catch {
-    return;
-  }
-}, u = [];
-for (let e = 0; e < 256; ++e)
-  u.push((e + 256).toString(16).slice(1));
-function Me(e, t = 0) {
-  return (u[e[t + 0]] + u[e[t + 1]] + u[e[t + 2]] + u[e[t + 3]] + "-" + u[e[t + 4]] + u[e[t + 5]] + "-" + u[e[t + 6]] + u[e[t + 7]] + "-" + u[e[t + 8]] + u[e[t + 9]] + "-" + u[e[t + 10]] + u[e[t + 11]] + u[e[t + 12]] + u[e[t + 13]] + u[e[t + 14]] + u[e[t + 15]]).toLowerCase();
-}
-let W;
-const xe = new Uint8Array(16);
-function Be() {
-  if (!W) {
-    if (typeof crypto > "u" || !crypto.getRandomValues)
-      throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
-    W = crypto.getRandomValues.bind(crypto);
-  }
-  return W(xe);
-}
-const Ye = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto), M = { randomUUID: Ye };
-function x(e, t, r) {
-  var a;
-  if (M.randomUUID && !e)
-    return M.randomUUID();
-  e = e || {};
-  const n = e.random ?? ((a = e.rng) == null ? void 0 : a.call(e)) ?? Be();
-  if (n.length < 16)
-    throw new Error("Random bytes length must be >= 16");
-  return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, Me(n);
-}
-const B = globalThis.crypto, Fe = (e) => `${x()}${x()}`.slice(0, e), Ge = (e) => btoa(
-  [...new Uint8Array(e)].map((t) => String.fromCharCode(t)).join("")
-);
-async function Ve(e) {
-  if (!B.subtle)
-    throw new Error(
-      "crypto.subtle is available only in secure contexts (HTTPS)."
-    );
-  const t = new TextEncoder().encode(e), r = await B.subtle.digest("SHA-256", t);
-  return Ge(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
-}
-async function Ze(e) {
-  const r = Fe(43), a = await Ve(r);
-  return {
-    code_verifier: r,
-    code_challenge: a
-  };
-}
-const et = async (e, t) => {
-  var r;
-  const a = await Le(e);
-  if (!a || !Array.isArray((r = a.payload) == null ? void 0 : r[I.SCOPES_KEY]))
-    return !1;
-  const n = a.payload[I.SCOPES_KEY];
-  return Array.isArray(t) ? t.every((o) => n.includes(o)) : Object.keys(t).some(
-    (o) => t[o].every((s) => n.includes(s))
-  );
-};
-export {
-  I as K,
-  Le as Ye,
-  ze as at,
-  Ze as ct,
-  et as ft,
-  qe as nt,
-  Qe as ot,
-  Xe as st
-};